From 4546518f78d4a1ea0f1ced03dc42340cfeff2f23 Mon Sep 17 00:00:00 2001
From: Gio Lodi <gio@mokacoding.com>
Date: Wed, 22 Jan 2025 06:23:17 +1100
Subject: [PATCH] Tweak code signing lanes naming and make them all public
 (#23991)

* Use block named parameters in code signing lanes

* Use hierarchical names in code signing lanes

This way, we can better code complete

* Rename `alpha_code_sign` to `..._wordpress_enterprise`

Full name `update_certs_and_profiles_wordpress_enterprise`

* Rename `appstore_code_sign` to `..._wordpress_app_store`

Full name `update_certs_and_profiles_wordpress_app_store`

* Rename `jetpack_alpha_code_sign` to `..._jetpack_enterprise`

Full name `update_certs_and_profiles_jetpack_enterprise`

* Rename `jetpack_appstore_code_sign` to `..._jetpack_app_store`

Full name `update_certs_and_profiles_jetpack_app_store`

* Make app-x-account specific code sign lanes public

This way, we can call them when it's time to regenerate the profiles for
one single combination without hacking the `Fastfile`.

* Add lanes code signing lanes to Enterprise and App Store only combos

* Configure code signing bucket `s3_region` to `us-east-2`

This will avoid API redirects

* Extract code signing S3 settings in constant

Next step... move the constant to release toolkit?
---
 fastlane/lanes/build.rb    |  8 ++---
 fastlane/lanes/codesign.rb | 71 ++++++++++++++++++++++++--------------
 2 files changed, 50 insertions(+), 29 deletions(-)

diff --git a/fastlane/lanes/build.rb b/fastlane/lanes/build.rb
index ed75d66f1378..50781d458de8 100644
--- a/fastlane/lanes/build.rb
+++ b/fastlane/lanes/build.rb
@@ -169,7 +169,7 @@
 
     sentry_check_cli_installed
 
-    appstore_code_signing
+    update_certs_and_profiles_wordpress_app_store
 
     build_app(
       scheme: 'WordPress',
@@ -235,7 +235,7 @@
   lane :build_and_upload_jetpack_for_app_store do
     sentry_check_cli_installed
 
-    jetpack_appstore_code_signing
+    update_certs_and_profiles_jetpack_app_store
 
     build_app(
       scheme: 'Jetpack',
@@ -285,7 +285,7 @@
   lane :build_and_upload_wordpress_prototype_build do
     sentry_check_cli_installed
 
-    alpha_code_signing
+    update_certs_and_profiles_wordpress_enterprise
 
     build_and_upload_prototype_build(
       scheme: 'WordPress Alpha',
@@ -305,7 +305,7 @@
   lane :build_and_upload_jetpack_prototype_build do
     sentry_check_cli_installed
 
-    jetpack_alpha_code_signing
+    update_certs_and_profiles_jetpack_enterprise
 
     build_and_upload_prototype_build(
       scheme: 'Jetpack',
diff --git a/fastlane/lanes/codesign.rb b/fastlane/lanes/codesign.rb
index dca04665bf02..09c7f4786913 100644
--- a/fastlane/lanes/codesign.rb
+++ b/fastlane/lanes/codesign.rb
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+CODE_SIGNING_STORAGE_OPTIONS = {
+  storage_mode: 's3',
+  s3_bucket: 'a8c-fastlane-match',
+  s3_region: 'us-east-2'
+}.freeze
+
 # Lanes related to Code Signing and Provisioning Profiles
 #
 platform :ios do
@@ -9,8 +15,8 @@
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
   lane :update_certs_and_profiles do |options|
-    update_wordpress_certs_and_profiles(options)
-    update_jetpack_certs_and_profiles(options)
+    update_certs_and_profiles_wordpress(options)
+    update_certs_and_profiles_jetpack(options)
   end
 
   # Downloads all the required certificates and profiles (using `match`) for all WordPress variants.
@@ -18,9 +24,9 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  lane :update_wordpress_certs_and_profiles do |options|
-    alpha_code_signing(options)
-    appstore_code_signing(options)
+  lane :update_certs_and_profiles_wordpress do |readonly: true|
+    update_certs_and_profiles_wordpress_enterprise(readonly: readonly)
+    update_certs_and_profiles_wordpress_app_store(readonly: readonly)
   end
 
   # Downloads all the required certificates and profiles (using `match`) for all Jetpack variants.
@@ -28,24 +34,20 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  lane :update_jetpack_certs_and_profiles do |options|
-    jetpack_alpha_code_signing(options)
-    jetpack_appstore_code_signing(options)
+  lane :update_certs_and_profiles_jetpack do |readonly: true|
+    update_certs_and_profiles_jetpack_enterprise(readonly: readonly)
+    update_certs_and_profiles_jetpack_app_store(readonly: readonly)
   end
 
-  ########################################################################
-  # Private lanes
-  ########################################################################
-
   # Downloads all the required certificates and profiles (using `match``) for the WordPress Alpha builds (`org.wordpress.alpha`) in the Enterprise account
   # Optionally, it can create any new necessary certificate or profile.
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :alpha_code_signing do |options|
+  lane :update_certs_and_profiles_wordpress_enterprise do |readonly: true|
     update_code_signing_enterprise(
       app_identifiers: ALL_WORDPRESS_BUNDLE_IDENTIFIERS.map { |id| id.sub(WORDPRESS_BUNDLE_IDENTIFIER, 'org.wordpress.alpha') },
-      readonly: options.fetch(:readonly, true)
+      readonly: readonly
     )
   end
 
@@ -54,10 +56,10 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :appstore_code_signing do |options|
+  lane :update_certs_and_profiles_wordpress_app_store do |readonly: true|
     update_code_signing_app_store(
-      readonly: options.fetch(:readonly, true),
-      app_identifiers: ALL_WORDPRESS_BUNDLE_IDENTIFIERS
+      app_identifiers: ALL_WORDPRESS_BUNDLE_IDENTIFIERS,
+      readonly: readonly
     )
   end
 
@@ -66,10 +68,10 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :jetpack_alpha_code_signing do |options|
+  lane :update_certs_and_profiles_jetpack_enterprise do |readonly: true|
     update_code_signing_enterprise(
       app_identifiers: ALL_JETPACK_BUNDLE_IDENTIFIERS.map { |id| id.sub(JETPACK_BUNDLE_IDENTIFIER, 'com.jetpack.alpha') },
-      readonly: options.fetch(:readonly, true)
+      readonly: readonly
     )
   end
 
@@ -78,12 +80,32 @@
   #
   # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
   #
-  private_lane :jetpack_appstore_code_signing do |options|
+  lane :update_certs_and_profiles_jetpack_app_store do |readonly: true|
     update_code_signing_app_store(
-      readonly: options.fetch(:readonly, true),
-      app_identifiers: ALL_JETPACK_BUNDLE_IDENTIFIERS
+      app_identifiers: ALL_JETPACK_BUNDLE_IDENTIFIERS,
+      readonly: readonly
     )
   end
+
+  # Downloads all the required certificates and profiles (using `match`) for both Jetpack and WordPress App Store variants.
+  # Optionally, it can create any new necessary certificate or profile.
+  #
+  # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
+  #
+  lane :update_certs_and_profiles_app_store do |readonly: true|
+    update_certs_and_profiles_jetpack_app_store(readonly: readonly)
+    update_certs_and_profiles_wordpress_app_store(readonly: readonly)
+  end
+
+  # Downloads all the required certificates and profiles (using `match`) for both Jetpack and WordPress Enterprise variants.
+  # Optionally, it can create any new necessary certificate or profile.
+  #
+  # @option [Boolean] readonly (default: true) Whether to only fetch existing certificates and profiles, without generating new ones.
+  #
+  lane :update_certs_and_profiles_enterprise do |readonly: true|
+    update_certs_and_profiles_jetpack_enterprise(readonly: readonly)
+    update_certs_and_profiles_wordpress_enterprise(readonly: readonly)
+  end
 end
 
 def update_code_signing_enterprise(readonly:, app_identifiers:)
@@ -124,13 +146,12 @@ def update_code_signing(type:, team_id:, readonly:, app_identifiers:, api_key_pa
   # NOTE: It might be neccessary to add `force: true` alongside `readonly: true` in order to regenerate some provisioning profiles.
   # If this turns out to be a hard requirement, we should consider updating the method with logic to toggle the two setting based on whether we're fetching or renewing.
   match(
-    storage_mode: 's3',
-    s3_bucket: 'a8c-fastlane-match',
     type: type,
     team_id: team_id,
     readonly: readonly,
     app_identifier: app_identifiers,
-    api_key_path: api_key_path
+    api_key_path: api_key_path,
+    **CODE_SIGNING_STORAGE_OPTIONS
   )
 end